Switches from using libc::iovec directly to using our own IoSliceMut.
This also renames IntoIovec to IntoIobuf, along with the associated
methods. Effectively this pushes conversion into iovec closer to
where it is used.
Test: FEATURES=test emerge-eve crosvm
Change-Id: I2f907aa321a43d751a82e8430c74ac08b95772f7
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2300842
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Noah Gold <nkgold@google.com>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Change VolatileSlice so that it is ABI-compatible with iovec. This
allows us to directly pass in a VolatileSlice for a C function that
expects an iovec without having to create temporaries that convert from
one to the other.
Also change all the parameters from u64 to usize. It's not possible to
address more memory than fits into a usize so having u64 here didn't
really provide much benefit and led to a lot of tedious casting back and
forth all over the place.
BUG=none
TEST=unit tests
Cq-Depend: chromium:2206621
Change-Id: I258f9123c603d9a4c6c5e2d4d10eb4aedf74466d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2203998
Tested-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
This trait provides a generic interface for allocating space on the
filesystem within a given file. It is equivalent to the fallocate(2)
system call with the default mode (mode = 0).
BUG=chromium:858815
TEST=cargo build --features=composite-disk
Change-Id: I2f4e8aceb4878790e8dec2e3d539071915efd205
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2015828
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Add a new disk-specific DiskGetLen trait which uses io::Seek instead of
File::metadata() to determine the length so that it works on raw block
devices (e.g. /dev/sda) as well as regular files.
BUG=b:146811529
TEST=`crosvm run --disk /dev/sda` and verify block device length
Change-Id: I6936863490efaa479a3c8745c75c373748c800a1
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1990855
Reviewed-by: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Trent Begin <tbegin@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
The implementations of FileReadWriteVolatile and FileReadWriteAtVolatile
for SharedMemory are never used; SharedMemory is typically accessed as a
memory mapping, not as a writable/readable file-like object. Remove the
implementation of these traits for SharedMemory to simplify porting to
other platforms where SharedMemory may not necessarily be backed by a
file-like object.
BUG=None
TEST=./build_test.py
Change-Id: I9c1e46ad2d3299b8676fad33151cde7c4b1c7b8e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1937555
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
This new trait allows DiskFile implementors to provide the length of the
file directly rather than using SeekFrom::End with seek().
BUG=None
TEST=./build_test
TEST=Boot Termina in crosvm
Change-Id: I9447ebb43dbd5fbb32a3a6b6d2fc969b9406cdbc
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1913961
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Certain types of file descriptors, such as tap devices, aren't compatible with
writing at offsets. Split the volatile_impl macro into two, one for
FileReadWriteVolatile and another for FileReadWriteAtVolatile.
Tweak the macros be usable from other crates.
BUG=chromium:753630
TEST=cargo build
Change-Id: I0671024e24e8b5eaedbde2c1da80e3ec684c06a1
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1881417
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Commit-Queue: Stephen Barber <smbarber@chromium.org>
Refactor the Reader and Writer implementations for DescriptorChains.
This has several changes:
* Change the DescriptorChainConsumer to keep a
VecDeque<VolatileSlice> instead of an iterator. This delegates the
fiddly business of sub-slicing chunks of memory to the VolatileSlice
implementation.
* Read in the entire DescriptorChain once when the Reader or Writer is
first constructed. This allows us to validate the DescriptorChain
in the beginning rather than having to deal with an invalid
DescriptorChain in the middle of the device operating on it.
Combined with the check that enforces the ordering of read/write
descriptors in a previous change we can be sure that the entire
descriptor chain that we have copied in is valid.
* Add a new `split_at` method so that we can split the Reader/Writer
into multiple pieces, each responsible for reading/writing a
separate part of the DescriptorChain. This is particularly useful
for implementing zero-copy data transfer as we sometimes need to
write the data first and then update an earlier part of the buffer
with the number of bytes written.
* Stop caching the available bytes in the DescriptorChain. The
previous implementation iterated over the remaining descriptors in
the chain and then only updated the cached value. If a mis-behaving
guest then changed one of the later descriptors, the cached value
would no longer be valid.
* Check for integer overflow when calculating the number of bytes
available in the chain. A guest could fill a chain with five 1GB
descriptors and cause an integer overflow on a 32-bit machine.
This would previously crash the device process since we compile with
integer overflow checks enabled but it would be better to return an
error instead.
* Clean up the Read/Write impls. Having 2 different functions called
`read`, with different behavior is just confusing. Consolidate on
the Read/Write traits from `std::io`.
* Change the `read_to` and `write_from` functions to be generic over
types that implement `FileReadWriteVolatile` since we are not
allowed to assume that it's safe to call read or write on something
just because it implements `AsRawFd`. Also add `*at` variants that
read or write to a particular offset rather than the kernel offset.
* Change the callback passed to the `consume` function of
`DescriptorChainConsumer` to take a `&[VolatileSlice]` instead.
This way we can use the `*vectored` versions of some methods to
reduce the number of I/O syscalls we need to make.
* Change the `Result` types that are returned. Functions that perform
I/O return an `io::Result`. Functions that only work on guest
memory return a `guest_memory::Result`. This makes it easier to
inter-operate with the functions from `std::io`.
* Change some u64/u32 parameters to usize to avoid having to convert
back and forth between the two in various places.
BUG=b:136128319
TEST=unit tests
Change-Id: I15102f7b4035d66b5ce0891df42b656411e8279f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1757240
Auto-Submit: Chirantan Ekbote <chirantan@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Add the FileReadWriteAtVolatile trait, which is basically the same as
the FileReadWriteVolatile trait but additionally takes an offest. This
is only useful for types that are seekable and can allow concurrent
operations on the same underlying type.
Also add `*_vectored` versions of all the functions. These match the
`*_vectored` functions in the standard library and can reduce the number
of system calls needed to read or write a whole buffer.
Implement both traits for `&mut T` if `T` implements them.
Change the trait implementation for `File` to a macro so that we can
also implement it for `GuestMemory`.
BUG=b:136128319
TEST=unit tests
Change-Id: I3d8eb7bba17fe3247e18649b1b04e21a91a841e2
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1724229
Auto-Submit: Chirantan Ekbote <chirantan@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
This supports virtio disks that depend on multiple file descriptors. All
of the file descriptors are passed to the jail when relevant.
Bug: b/133432409
Change-Id: Idf2e24cd2984c0d12a47a523c13d24c1ba8d173e
Signed-off-by: Cody Schuffelen <schuffelen@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1691761
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
This manifested itself in a couple places that were turning shared
memory buffers into slices for the purposes of passing these slices to
`Read` and `Write` trait methods.
However, this required the removal of the methods that took `Read` and
`Write` instances. This was a convenient interface but impossible to
implement safely because making slices from raw pointers without
enforcing safety guarantees causes undefined behaviour in Rust. It turns
out lots of code in crosvm was using these interfaces indirectly, which
explains why this CL touches so much.
TEST=crosvm run
BUG=chromium:938767
Change-Id: I4ff40c98da6ed08a4a42f4c31f0717f81b1c5863
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1636685
Reviewed-by: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Zach Reizner <zachr@chromium.org>
Generalize file_sync into file_traits so that we can add another
wrapper, this time for the set_len() method implemented directly on
File. This will also be implemented on QcowFile.
BUG=chromium:858815
TEST=build_test
Change-Id: I43fbd1968a844c8cac359973a63babcc26942204
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1394148
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
